Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling


I’ve been covering spam calling for years, so when Google offered me details about a new Android feature built to detect and flag spoofed calls, I was ready to hear more. What I didn’t expect from the demo was to hear my own voice.

“I’m so excited to be interviewing you today about this new fake-call detection feature!” I heard myself saying, while a headshot I’ve used publicly for years popped up on the demo device. The caller ID name said “Lily.” “Unfortunately, I lost my wallet and I’m stuck. Any chance you can Venmo me so I can take an Uber to the interview?”

As my disembodied voice calmly made the ask, a pop-up appeared as an overlay on the regular call screen: “This may not be Lily. Someone may be pretending to call from your contact’s number.”

For Android phones calling each other, the new feature does a digital validity check and flags with a pop-up warning if a call isn’t coming from your contact’s smartphone and may be a scam. When the feature flags a call as a scam, it instantly removes the contact photo from the backdrop of the call to underscore the seriousness of the situation (not shown in the prototype demo Google made for WIRED). And the feature also changes the entry in Android’s recent call log to say “Unknown” instead of displaying the contact name.

Spam calls have been a scourge for decades, and the threat has only ramped up as attackers have started incorporating AI voice-cloning tools into their attacks—making it possible to convincingly mimic an acquaintance of a victim, or even a family member, in real time. And while a years-long push has improved detection of traditional robocalling, it hasn’t eliminated the problem, and not all spam calls get flagged. Those calls that still slip through the cracks are particularly problematic as attackers focus their attention on impersonation scams—making it look like their call is coming from a number you trust, or at least recognize, and then using AI tools to sound like the person you expect when you pick up.

With these types of invasive and potentially devastating scams on the rise, Dave Kleidermacher, Android’s vice president of security and privacy, and Eugene Liderman, director of Android security and privacy product, say that there was a real desire within Google to move defenses for victims forward. And they emphasized that while an obvious strategy is to attempt to fight fire with fire—to use AI tools to help detect voice clones in calls—this strategy alone is insufficient. It can have false positives and false negatives, but it can also feed an endless arms race between attackers and defenders.

“We’re always looking at whether there is a provable way, something much higher confidence that we can do,” Kleidermacher says.

The feature is built on the RCS communication standard and baked into the Google Dialer. Beginning today, it will start rolling out in updates for all Android phones running Android 12 (from 2021) and later. The mechanism uses RCS to digitally bind your phone number with your actual smartphone handset. When you call another Android user, your device will send what Kleidermacher describes as “a real-time, silent background confirmation signal” to the device of the person you’re calling to verify the legitimacy of your call. If that hardware-based confirmation is missing, the Google Dialer will flag the call.

“If you’re calling me and we’re in each other’s mutual contacts databases, and we’re both using the Google dialer that has this capability built into it, then I will always know if it’s really you,” Kleidermacher says. “If someone tries to call me through a VoIP session or some other mechanism and spoof your phone number and your voice, the Dialer will say that this is not you.”
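The callee-side decision described above, modeled in Python as an added example (not Google's code or anything from the article). The article does not describe the RCS confirmation format, so an HMAC over the call parameters with a per-contact device key stands in for it; the function names, the 30-second freshness window, the handling of contacts without a binding and the sample numbers are all assumptions.

```python
import hashlib
import hmac

MAX_SKEW_S = 30  # assumed freshness window for the confirmation signal

def make_confirmation(device_key: bytes, caller: str, callee: str, ts: int) -> bytes:
    """Caller side: tag binding this call attempt to a key held on the handset."""
    msg = f"{caller}|{callee}|{ts}".encode()
    return hmac.new(device_key, msg, hashlib.sha256).digest()

def screen_call(caller_id, callee, now, contacts, confirmation=None):
    """Callee side: decide how the dialer should present an incoming call.

    contacts maps number -> {"name", "device_key"}; device_key is None when the
    contact has no binding (not a mutual contact, or a different dialer).
    confirmation is (timestamp, tag), or None if no background signal arrived.
    """
    contact = contacts.get(caller_id)
    if contact is None or contact["device_key"] is None:
        # Assumption: with nothing to verify against, the call displays as usual.
        return {"status": "unverifiable", "warning": None,
                "show_photo": contact is not None,
                "log_label": contact["name"] if contact else caller_id}
    ok = False
    if confirmation is not None:
        ts, tag = confirmation
        expected = make_confirmation(contact["device_key"], caller_id, callee, ts)
        # Reject stale (replayed) signals and tags not made with the bound key.
        ok = abs(now - ts) <= MAX_SKEW_S and hmac.compare_digest(tag, expected)
    if ok:
        return {"status": "verified", "warning": None,
                "show_photo": True, "log_label": contact["name"]}
    # Caller ID matches a bound contact but the proof is missing or invalid:
    # warn, drop the contact photo, and log the call as "Unknown".
    return {"status": "flagged",
            "warning": f"This may not be {contact['name']}. Someone may be "
                       "pretending to call from your contact’s number.",
            "show_photo": False, "log_label": "Unknown"}

# Constructed sample data (numbers and key are made up for the example).
ME = "+15550100"
LILY_KEY = b"constructed-key-held-on-lilys-handset"
CONTACTS = {"+15550123": {"name": "Lily", "device_key": LILY_KEY},
            "+15550177": {"name": "Sam", "device_key": None}}
```

A spoofed caller ID alone never reaches the `verified` branch, because the tag depends on a key that stays on the contact's handset, and an old tag replayed later fails the freshness check.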

The feature is meant to be very straightforward, and the pop-up for a potential scam call simply offers the option to hang up. Phones running Android 12 or later are ubiquitous around the world, but for the feature to truly have an impact, it would need to be incorporated into basically every device, including Apple’s iPhones. Google says it intentionally built the feature on RCS so it will be maximally interoperable with as many platforms as possible. Apple did not immediately return a request for comment about whether it has any plans to implement the feature or a similar one in its iOS mobile operating system.

For now, Kleidermacher says he hopes the feature will play a role in protecting people from a type of scam that can fool anyone—with potentially disastrous consequences. “Some of these attacks individually are just very devastating,” he says. “People lose a lot, and it’s very scary.”